diff options
| author | drh <> | 2023-10-06 12:15:01 +0000 |
|---|---|---|
| committer | drh <> | 2023-10-06 12:15:01 +0000 |
| commit | 568643fd15e772481847b22b2ff50873b33b48ec (patch) | |
| tree | 096e9b57541a6083b8b20739f3dfd6c85da2b28b /src | |
| parent | 5d9446d1005c11652a4119331a664405a836336c (diff) | |
| download | sqlite-568643fd15e772481847b22b2ff50873b33b48ec.tar.gz sqlite-568643fd15e772481847b22b2ff50873b33b48ec.zip | |
Increase the size of some variables associated with the PMA sorter in order
to avoid any possibility of a signed integer overflow.
[https://bugs.chromium.org/p/chromium/issues/detail?id=1489025|Chromium fuzzer issue 1489025].
FossilOrigin-Name: dc3be3af471d90dd810c1e2cc59e83cf6a57f01971b1258ea0da402e4d577ef2
Diffstat (limited to 'src')
| -rw-r--r-- | src/vdbesort.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/vdbesort.c b/src/vdbesort.c index 2b7da94f7..008369030 100644 --- a/src/vdbesort.c +++ b/src/vdbesort.c @@ -186,7 +186,7 @@ struct SorterFile { struct SorterList { SorterRecord *pList; /* Linked list of records */ u8 *aMemory; /* If non-NULL, bulk memory to hold pList */ - int szPMA; /* Size of pList as PMA in bytes */ + i64 szPMA; /* Size of pList as PMA in bytes */ }; /* @@ -295,10 +295,10 @@ typedef int (*SorterCompare)(SortSubtask*,int*,const void*,int,const void*,int); struct SortSubtask { SQLiteThread *pThread; /* Background thread, if any */ int bDone; /* Set if thread is finished but not joined */ + int nPMA; /* Number of PMAs currently in file */ VdbeSorter *pSorter; /* Sorter that owns this sub-task */ UnpackedRecord *pUnpacked; /* Space to unpack a record */ SorterList list; /* List for thread to write to a PMA */ - int nPMA; /* Number of PMAs currently in file */ SorterCompare xCompare; /* Compare function to use */ SorterFile file; /* Temp file for level-0 PMAs */ SorterFile file2; /* Space for other PMAs */ @@ -1772,8 +1772,8 @@ int sqlite3VdbeSorterWrite( int rc = SQLITE_OK; /* Return Code */ SorterRecord *pNew; /* New list element */ int bFlush; /* True to flush contents of memory to PMA */ - int nReq; /* Bytes of memory required */ - int nPMA; /* Bytes of PMA space required */ + i64 nReq; /* Bytes of memory required */ + i64 nPMA; /* Bytes of PMA space required */ int t; /* serial type of first record field */ assert( pCsr->eCurType==CURTYPE_SORTER ); |